Email Server Setup Tips

From Computer Tyme Support Wiki

Many of you are wondering "Why did my server get blacklisted?" Unfortunately, the internet is both free and lawless, and most email is spam. In the process of sorting it out, innocent people are often victimized by criminals who hijack their servers. Sometimes, in our efforts to fight spam, we make a mistake and wrongly list you.

Nonetheless, here are some tips to distinguish you from spammers or to help you solve problems when you've been hacked. If you follow these practices you are less likely to have your email blocked.

If you got blacklisted then either you were sending spam or we made a mistake and thought you were sending spam. You may be sending spam and not know it.

Passwords

One way servers get blacklisted is that an attacker has figured out a weak password and is using one of your accounts to send out spam. The best way to reduce the possibility of this happening is to require strong passwords. If you have a setting to configure password rules, you should require something more than just lowercase letters. Use MiXeD CaSe, numb3rs, spaces, and punctuation characters! 123456 is not a secure password. If you can't force it through software, make it a company policy.

Firewalls

Small offices, and even big ones, often have an internal network that uses one IP address to interface with the rest of the world. If you have, say, 25 computers in your office and one gets a virus, it will be sending email from the same IP address as your email server.

A good firewall policy is to block port 25 outbound so that only your in-office email server can send email directly to the world. That way, if someone does get a computer virus, the virus can't send spam. Users who need to send email to outgoing email servers that are external to your office network should use port 587 instead of port 25, or use SSL on port 465.

Finding the Virus

You might have figured out that you have a virus in your office, but you have 25 computers and you don't know which one it is. There's a quick way to find the culprit.

Virus-infected computers send spam as fast as they can. If you have a wired network, then all your computers are connected through an Ethernet switch or office router. Most switches have blinky lights that blink faster or stay on during periods of high network activity. If you notice that one computer is far more active than it should be, then that's probably the one that's infected. On Windows you can also bring up the task monitor and see what the source of the activity is.

Server Configuration

Forward Confirmed Reverse DNS

One of the biggest things you need to get right is reverse DNS. There are 2 steps to getting it right. First - you need to set up a PTR record for the IP address you are using so as to associate a name with the IP address. Then to establish the forward confirmed part the name for the reverse DNS needs to point back to the original IP address.

It is important to get this right. Although few servers will bounce your email just on bad RDNS it does contribute to your score and if combined with other factors could result in your server being blacklisted and your email bouncing. So better to get it right.

One mistake that people often make is returning a host name in the PTR record that doesn't point back to the original IP address. Sometimes the name has no A record. Sometimes it does have an A record, but it points to a different IP address. Here is a FCrDNS Testing Tool.
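
The two-step check and the failure cases described above can be scripted. This is an added example, not part of the original wiki page: the function names are hypothetical, and the sample PTR and A data (documentation address ranges) are constructed so the check runs without touching real DNS.

```python
import socket

def ptr_lookup(ip):
    """Step 1: return the PTR name(s) for ip via the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def addr_lookup(name):
    """Step 2: return the addresses the name resolves to ([] if none)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def check_fcrdns(ip, ptr=ptr_lookup, addr=addr_lookup):
    """Return (verdict, details); verdict is pass, no-ptr, no-a-record or mismatch."""
    names = ptr(ip)
    if not names:
        return "no-ptr", []
    details = []
    for name in names:
        addrs = addr(name)
        details.append((name, addrs))
        # Plain string comparison is enough for IPv4; normalise IPv6 first.
        if ip in addrs:
            return "pass", details
    if all(not addrs for _, addrs in details):
        return "no-a-record", details   # PTR name does not resolve at all
    return "mismatch", details          # PTR name resolves to a different IP

# Constructed sample data standing in for real DNS answers.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com"],
    "192.0.2.20": ["ghost.example.com"],
    "192.0.2.30": ["www.example.com"],
}
SAMPLE_A = {
    "mail.example.com": ["192.0.2.10"],
    "www.example.com": ["198.51.100.7"],
}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return check_fcrdns(ip, ptr=lambda i: SAMPLE_PTR.get(i, []),
                        addr=lambda n: SAMPLE_A.get(n, []))[0]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check_sample(ip))
```

Calling `check_fcrdns("<your mail server IP>")` with the default arguments runs the same logic against the system resolver.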

SPF Records

SPF is a seemingly good idea, but it actually doesn't work in the real world. The side effects outweigh the benefits. However, if you feel you must use SPF records, then don't use the -all option. Use ~all instead. The reason is that -all breaks email forwarding, and it can cause your good email to be bounced by any hosted spam filtering system like Junk Email Filter that forwards good email to existing servers. To be clear, it's not the filtering service that bounces your email, but rather the recipient server, which thinks the filtering service isn't allowed to forward email. If your email is bouncing because of your SPF record, changing to ~all will fix it.